[Federal Register Volume 84, Number 74 (Wednesday, April 17, 2019)]
[Notices]
[Pages 16141-16145]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-07647]
-----------------------------------------------------------------------
DEPARTMENT OF VETERANS AFFAIRS
Privacy Act of 1974; System of Records
AGENCY: Office of Inspector General (OIG), Department of Veterans
Affairs (VA).
ACTION: Notice of modified system of records.
-----------------------------------------------------------------------
SUMMARY: As required by the Privacy Act of 1974, notice is hereby given
that the Department of Veterans Affairs (VA) is amending the system of
records known as ``Criminal Investigations'' (11VA51) by amending the
Routine Uses and the Policies and Practices for Storing, Retrieving,
Accessing, Retaining, and Disposing of Records within the System. VA is
republishing the system notice in its entirety.
DATES: Comments on this modified system of records must be received no
later than 30 days after date of publication in the Federal Register.
If no public comment is received during the period allowed for comment
or unless otherwise published in the Federal Register by VA, the
modified system of records will become effective a minimum of 30 days
after date of publication in the Federal Register. If VA receives
public comments, VA shall review the comments to determine whether any
changes to the notice are necessary.
ADDRESSES: Written comments may be submitted through
[[Page 16142]]
www.Regulations.gov; by mail or hand-delivery to Director, Regulation
Policy and Management (00REG), Department of Veterans Affairs, 810
Vermont Ave. NW, Room 1064, Washington, DC 20420; or by fax to (202)
273-9026 (not a toll-free number). Comments should indicate that they
are submitted in response to Inspector General Hotline (Complaint
Center) Records (66VA53). Copies of comments received will be available
for public inspection in the Office of Regulation Policy and
Management, Room 1063B, between the hours of 8:00 a.m. and 4:30 p.m.,
Monday through Friday (except holidays). Please call (202) 461-4902 for
an appointment. (This is not a toll-free number.) In addition, comments
may be viewed online at www.Regulations.gov.
FOR FURTHER INFORMATION CONTACT: Christopher Connor, Chief, Information
Release Office (50CI), Office of Inspector General, Department of
Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420, 202-461-
4269; or fax comments to (202) 495-5859. Amy L. Rose, VA Privacy
Service, Office of Information Security (OIS), Office of Information
and Technology (OIT), Department of Veterans Affairs, 810 Vermont
Avenue NW, Washington, DC 20420, (202) 632-7497.
SUPPLEMENTARY INFORMATION: This publication is in accordance with the
Privacy Act requirement that agencies publish their amended system of
records in the Federal Register when there is revision, change, or
addition. The VA Office of Inspector General (OIG) has reviewed its
system of records notices and has determined its record system,
``Criminal Investigations'' (11VA51), should be amended to reflect
evolving technology and procedures, to conform to current practice, and
to reflect current authorities. The Routine Uses are amended to conform
to changes recommended by OMB. The storage practices section will now
reflect that data is stored in VA OIG's new Enterprise Management
System (EMS) database in addition to the legacy Master Case Index (MCI)
database.
The Senior Agency Official for Privacy, or designee, approved this
document and authorized the undersigned to sign and submit the document
to the Office of the Federal Register for publication electronically as
an official document of the Department of Veterans Affairs.
Andr[eacute] Horton, Deputy Chief Information Security Officer,
Department of Veterans Affairs approved this document on January 8,
2019 for publication.
Dated: April 12, 2019.
Amy L. Rose,
Program Analyst, VA Privacy Service, Department of Veterans Affairs.
11VA51
SYSTEM NAME:
Criminal Investigations (11VA51).
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
Department of Veterans Affairs (VA), Office of Inspector General
(OIG), Office of Assistant Inspector General for Management and
Administration (53), 810 Vermont Avenue NW, Washington, DC 20420.
SYSTEM MANAGER(S):
Assistant Inspector General for Management and Administration (53),
Department of Veterans Affairs, Office of Inspector General, 810
Vermont Avenue NW, Washington, DC 20420, (202) 461-4760,
[email protected].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Inspector General Act of 1978, Public Law (P.L.) 95-452, 5 U.S.C.
App., as amended through P.L. 115-254 (IG Act).
PURPOSE(S) OF THE SYSTEM:
The purpose of this system of records is to compile evidence to
prove or disprove criminal conduct, identify individual criminal
offenders and alleged offenders, and identify witnesses and documents
relevant to the investigation of the allegations. The records and
information in the system are used in federal and state grand jury
proceedings, pre-trial negotiations, plea agreements, pre-trial
diversions, court hearings and trials. The records and information in
the system may also be used in administrative proceedings when
administrative action is taken against the subject of the
investigation. VA OIG is modifying the system of records to give notice
of changes to the system location and system manager, and to reflect
amendments to the authority under which the system of records is
maintained.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The following categories of individuals will be covered by the
system: (1) Employees, (2) veterans and other VA beneficiaries, and (3)
private citizens, such as contractors, who conduct official business
with the VA, or private citizens whose actions affect or relate to the
programs and operations of VA. The individuals who are or have been the
subjects of investigations are those alleged to have violated criminal
laws, either federal or state, either in the performance of their
official duties or related to the programs and operations of VA.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records and information in this system include reports of criminal
investigations of the VA OIG, Office of Investigations. These reports
may include (1) a narrative summary or synopsis, (2) allegations of
specific wrongdoing or crimes committed, (3) progress reports, (4)
exhibits or attachments to the reports, (5) internal documentation and
memoranda, and (6) affidavits or sworn statements. The name of the
subject of an investigation, his or her title, his or her date of
birth, his or her social security number, his or her home address, the
station at which an investigation took place, the OIG's case number,
the time period the investigation took place, and the outcome of the
case are maintained in an electronic database and in hard copy files.
RECORD SOURCE CATEGORIES:
Information is obtained from VA employees, third parties (e.g., a
veteran, VA beneficiary, VA contractor, or private party), the
Government Accountability Office, VA records, congressional, federal,
state, and local offices or agencies.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
1. Congress: VA may disclose information from the record of an
individual in response to an inquiry from a congressional office made
at the request of that individual.
VA must be able to provide information about individuals to
adequately respond to inquiries from Members of Congress at the request
of constituents who have sought their assistance.
2. Data breach response and remedial efforts: VA may, on its own
initiative, disclose information from this system to appropriate
agencies, entities, and persons when (1) VA suspects or has confirmed
that the integrity or confidentiality of information in the system of
records has been compromised; (2) the Department has determined that as
a result of the suspected or confirmed compromise there is a risk of
embarrassment or harm to the reputations of the record subjects, harm
to economic or property interests, identity theft or fraud, or harm to
the security, confidentiality, or integrity of this system or other
systems or
[[Page 16143]]
programs (whether maintained by the Department or another agency or
entity) that rely upon the potentially compromised information; and (3)
the disclosure is to agencies, entities, or persons whom VA determines
are reasonably necessary to assist or carry out the Department's
efforts to respond to the suspected or confirmed compromise and
prevent, minimize, or remedy such harm.
This routine use permits disclosures by the Department to respond
to a suspected or confirmed data breach, including the conduct of any
risk analysis or provision of credit protection services as provided in
38 U.S.C. 5724.
a. Effective Response. A federal agency's ability to respond
quickly and effectively in the event of a breach of federal data is
critical to its efforts to prevent or minimize any consequent harm. An
effective response necessitates disclosure of information regarding the
breach to those individuals affected by it, as well as to persons and
entities in a position to cooperate, either by assisting in
notification to affected individuals or playing a role in preventing or
minimizing harms from the breach.
b. Disclosure of Information. Often, the information to be
disclosed to such persons and entities is maintained by federal
agencies and is subject to the Privacy Act (5 U.S.C. 552a). The Privacy
Act prohibits the disclosure of any record in a system of records by
any means of communication to any person or agency absent the written
consent of the subject individual, unless the disclosure falls within
one of twelve statutory exceptions. In order to ensure an agency is in
the best position to respond in a timely and effective manner, in
accordance with 5 U.S.C. 552a(b)(3) of the Privacy Act, agencies should
publish a routine use for appropriate systems specifically applying to
the disclosure of information in connection with response and remedial
efforts in the event of a data breach.
c. Data breach response and remedial efforts with another Federal
agency VA may, on its own initiative, disclose information from this
system to another Federal agency or Federal entity, when VA determines
that information from this system of records is reasonably necessary to
assist the recipient agency or entity in (1) responding to a suspected
or confirmed breach or (2) preventing, minimizing, or remedying the
risk of harm to individuals, the recipient agency or entity (including
its information systems, programs, and operations), the Federal
Government, or national security, resulting from a suspected or
confirmed breach.
3. Law Enforcement: VA may, on its own initiative, disclose
information in this system which is relevant to a suspected or
reasonably imminent violation of law, whether civil, criminal or
regulatory in nature and whether arising by general or program statute
or by regulation, rule or order issued pursuant thereto, to a federal,
state, local, tribal, or foreign agency charged with the responsibility
of investigating or prosecuting such violation, or charged with
enforcing or implementing the statute, regulation, rule or order. On
its own initiative, VA may also disclose the names and addresses of
veterans and their dependents to a federal agency charged with the
responsibility of investigating or prosecuting civil, criminal or
regulatory violations of law, or charged with enforcing or implementing
the statute, regulation, rule or order issued pursuant thereto.
VA must be able to provide on its own initiative information that
pertains to a violation of laws to law enforcement authorities to
enable authorities to investigate and enforce those laws. Under 38
U.S.C. 5701(a) and (f), VA may disclose the names and addresses of
veterans and their dependents to federal entities with law enforcement
responsibilities. This is distinct from the authority to disclose
records in response to a qualifying request from a law enforcement
entity, as authorized by Privacy Act subsection 5 U.S.C. 552a(b)(7).
4. Litigation: VA may disclose information from this system of
records to the Department of Justice (DoJ), either on VA's initiative
or in response to DoJ's request for the information, after either VA or
DoJ determines that such information is relevant to DoJ's
representation of the United States or any of its components in legal
proceedings before a court or adjudicative body, provided that, in each
case, the agency also determines prior to disclosure that release of
the records to the DoJ is a use of the information contained in the
records that is compatible with the purpose for which VA collected the
records. VA, on its own initiative, may disclose records in this system
of records in legal proceedings before a court or administrative body
after determining that the disclosure of the records to the court or
administrative body is a use of the information contained in the
records that is compatible with the purpose for which VA collected the
records.
To determine whether to disclose records under this routine use, VA
will comply with the guidance promulgated by the Office of Management
and Budget in a May 24, 1985, memorandum entitled ``Privacy Act
Guidance--Update,'' currently posted at http://www.whitehouse.gov/omb/inforeg/guidance1985.pdf.
VA must be able to provide information to DoJ in litigation where
the United States or any of its components is involved or has an
interest. A determination would be made in each instance that under the
circumstances involved, the purpose is compatible with the purpose for
which VA collected the information. This routine use is distinct from
the authority to disclose records in response to a court order under
subsection (b)(11) of the Privacy Act, 5 U.S.C. 552(b)(11), or any
other provision of subsection (b), in accordance with the court's
analysis in Doe v. DiGenova, 779 F.2d 74, 78-85 (DC Cir. 1985) and Doe
v. Stephens, 851 F.2d 1457, 1465-67 (DC Cir. 1988).
5. Contractors: VA may disclose information from this system of
records to individuals, organizations, private or public agencies, or
other entities or individuals with whom VA has a contract or agreement
to perform such services as VA may deem practicable for the purposes of
laws administered by VA, in order for the contractor, subcontractor,
public or private agency, or other entity or individual with whom VA
has a contract or agreement to perform services under the contract or
agreement.
This routine use includes disclosures by an individual or entity
performing services for VA to any secondary entity or individual to
perform an activity that is necessary for individuals, organizations,
private or public agencies, or other entities or individuals with whom
VA has a contract or agreement to provide the service to VA.
This routine use, which also applies to agreements that do not
qualify as contracts defined by federal procurement laws and
regulations, is consistent with OMB guidance in OMB Circular A-130,
App. I, paragraph 5a(1)(b) that agencies promulgate routine uses to
address disclosure of Privacy Act-protected information to contractors
to enable them to perform the services and contracts for the agency.
6. Equal Employment Opportunity Commission (EEOC): VA may disclose
information from this system to the EEOC when requested in connection
with investigations of alleged or possible discriminatory practices,
examination of federal affirmative employment programs, or other
functions of the Commission as authorized by law or regulation.
[[Page 16144]]
VA must be able to provide information to EEOC to assist it in
fulfilling its duties to protect employees' rights, as required by
statute and regulation.
7. Federal Labor Relations Authority (FLRA): VA may disclose
information from this system to the FLRA, including its General
Counsel, information related to the establishment of jurisdiction,
investigation, and resolution of allegations of unfair labor practices,
or in connection with the resolution of exceptions to arbitration
awards when a question of material fact is raised; for it to address
matters properly before the Federal Services Impasses Panel,
investigate representation petitions, and conduct or supervise
representation elections.
VA must be able to provide information to FLRA to comply with the
statutory mandate under which it operates.
8. Merit Systems Protection Board (MSPB): VA may disclose
information from this system to the MSPB, or the Office of the Special
Counsel, when requested in connection with appeals, special studies of
the civil service and other merit systems, review of rules and
regulations, investigation of alleged or possible prohibited personnel
practices, and such other functions promulgated in 5 U.S.C. 1205 and
1206, or as authorized by law.
VA must be able to provide information to MSPB to assist it in
fulfilling its duties as required by statute and regulation.
9. National Archives and Records Administration (NARA) and General
Services Administration (GSA): VA may disclose information from this
system to NARA and GSA in records management inspections conducted
under title 44, U.S.C.
NARA is responsible for archiving old records which are no longer
actively used but may be appropriate for preservation, and for the
physical maintenance of the Federal government's records. VA must be
able to provide the records to NARA in order to determine the proper
disposition of such records.
10. The agency may disclose any information in this system, except
the name and address of a veteran, to a federal, state, or local agency
maintaining civil or criminal violation records or other pertinent
information such as prior employment history, prior federal employment
background investigations, and/or personal or educational background in
order for VA to obtain information relevant to the hiring, transfer, or
retention of an employee, the letting of a contract, the granting of a
security clearance, or the issuance of a grant or other benefit. The
name and address of a veteran may be disclosed to a federal agency
under this routine use if this information has been requested by the
federal agency to respond to the VA inquiry.
11. To assist attorneys in representing their clients, the agency
may disclose any information in this system to attorneys representing
subjects of investigations, including veterans, federal government
employees, retirees, volunteers, contractors, subcontractors, or
private citizens, except where VA has decided release is inappropriate
under Title 5, United States Code, Section 552a(j) and (k).
12. Any information in this system of records may be disclosed, in
the course of presenting evidence to a court, magistrate,
administrative tribunal, or grand jury, including disclosures to
opposing counsel in the course of such proceedings or in settlement
negotiations.
13. The agency may disclose any information in this system to any
source or person, either private or governmental, to the extent
necessary to secure from such source or person information relevant to,
and sought in furtherance of, an investigation, review, or inspection.
14. The agency may disclose any information in this system, except
the name and address of a veteran, to federal, state, or local
professional, regulatory, or disciplinary organizations or
associations, including but not limited to bar associations, state
licensing boards, and similar professional entities, for use in
disciplinary proceedings and inquiries preparatory thereto, where VA
determines that there is good cause to question the legality or ethical
propriety of the conduct of a person employed by VA or a person
representing a person in a matter before VA. The name and address of a
veteran may be disclosed to a federal agency under this routine use if
this information has been requested by the federal agency to enable it
to respond to the VA inquiry.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
Records and information are stored electronically in the VA OIG's
new EMS (Enterprise Management System) or legacy MCI (Master Case
Index) databases and servers at the VA OIG's office at 801 I Street NW,
Washington, DC 20420, in the office of the VA OIG's Information
Technology Division. Backup records are stored on magnetic disc, tape
and CD-ROM and may also be retained in hard copy format in secure file
folders. The VA OIG Office of Investigations, Hotline Division is
responsible for electronically inputting records and information
received from complainants, referrals and correspondence related to the
initiation of a case, and final reports. Information inputted
electronically includes all correspondence to and from complainants,
correspondence (including email messages) to and among VA OIG
organizational elements about complaints, and correspondence to and
from any VA component to which a case was referred. Complaints and
information about VA employees, including all investigative reports and
work papers, are maintained in electronic files with restricted access
limited to those with a need to know for their the official duties,
including personnel in the VA OIG Office of Investigations, VA OIG
Human Resources Management Division, VA OIG attorneys, and VA OIG
management officials responsible for supervising any VA OIG employee
who is the subject of an internal investigation. Hard copies of records
and information are discussed in the storage section below.
STORAGE:
Hard copies of documents and information are maintained by the OIG
organization that conducts the review, inspection, or investigation.
For example, the Administrative Investigations Division, at VA OIG
headquarters, maintains hard copies of an investigative file which
contains a case referral from Hotline, the final report, all
documentation supporting the final report, draft reports,
correspondence, and all information collected as part of the
investigation. Similarly, the VA OIG Office of Healthcare Inspections
(OHI) maintains hard copies of its investigations (final reports and
supporting documentation). Other records and information (i.e., work
papers) about investigations related to individuals compiled by OHI are
maintained in the OHI field office that conducted the investigation.
Any internal VA OIG investigations on VA OIG employees, conducted prior
to the implementation of electronic files, are maintained in hard copy
only and are secured in the Office of Investigations, Analysis and
Oversight Division (51X). Access to those files is highly restricted.
RETRIEVABILITY:
Information and records are retrieved by EMS or MCI case number and
the name of the subject of the investigation. Scanned documents,
reports and other uploaded information that are made part
[[Page 16145]]
of the electronic file cannot be searched or retrieved from the EMS or
MCI databases as part of a general search.
SAFEGUARDS:
Information in the system is protected from unauthorized access
through administrative, physical, and technical safeguards. Access to
the hard copy and computerized information is restricted to authorized
OIG personnel on a need-to-know basis. Hard copy records are maintained
in offices that are restricted during work hours or are locked after
duty hours. The headquarters building is protected by security guards
and access is restricted during non-duty hours. Access to the
computerized information is limited to VA OIG employees by means of
passwords and authorized user identification codes. Computer system
documentation is maintained in a secure environment in the Office of
Inspector General, VA Central Office.
RETENTION AND DISPOSAL:
Records will be maintained and disposed of in accordance with a
records disposition authority approved by the Archivist of the United
States.
SYSTEM MANAGER(S) AND ADDRESS:
Assistant Inspector General for Management and Administration (53),
Department of Veterans Affairs, Office of Inspector General, 810
Vermont Avenue NW, Washington, DC 20420.
NOTIFICATION PROCEDURE:
An individual who wishes to determine whether a record is being
maintained by the Assistant Inspector General for Investigations, under
his or her name in this system or wishes to determine the contents of
such records should submit a written request to the Assistant Inspector
General for Management and Administration (53). However, a majority of
records in this system are exempt from the notification requirements
under 5 U.S.C. 552a (j) and (k). To the extent that records in this
system of records are not subject to exemption, they are subject to
notification. A determination as to whether an exemption applies shall
be made at the time a request for notification is received.
RECORD ACCESS PROCEDURES:
An individual who seeks access to or wishes to contest records
maintained under his or her name in this system must submit a written
request to the Chief, Information Release Office (50CI). However, a
majority of records in this system are exempt from the records access
and contesting requirements under 5 U.S.C. 552a (j) and (k). To the
extent that records in this system of records are not subject to
exemption, they are subject to access and contest. A determination as
to whether an exemption applies shall be made at the time a request for
access or contest is received.
CONTESTING RECORD PROCEDURES:
(See records access procedures above.)
RECORD SOURCE CATEGORIES:
Information is obtained from VA employees, third parties (e.g., a
veteran, VA beneficiary, VA contractor, or private party), the
Government Accountability Office, Department of Veterans Affairs
records, congressional, federal, state, and local offices or agencies.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
Under 5 U.S.C. 552a(j)(2), the head of any agency may exempt any
system of records within the agency from certain provisions of the
Privacy Act, if the agency or component that maintains the system
performs as its principal function any activities pertaining to the
enforcement of criminal laws. The Inspector General Act of 1978, Public
Law 95-452 (IG Act), as amended, mandates that the Inspector General
recommend policies for and to conduct, supervise, and coordinate
activities in the Department of Veterans Affairs and between VA and
other Federal, State and local governmental agencies with respect to:
(1) The prevention and detection of fraud in programs and operations
administered or financed by VA and (2) the identification and
prosecution of participants in such fraud. Under the IG Act, whenever
the Inspector General has reasonable grounds to believe there has been
a violation of Federal criminal law, the Inspector General must report
the matter expeditiously to the Attorney General. This system of
records has been created in major part to support the criminal law-
related activities assigned by the Inspector General to the Assistant
Inspector General for Investigations. These activities constitute a
principal function of the Inspector General's Hotline/Complaint Center
staff. In addition to principal functions pertaining to the enforcement
of criminal laws, the Inspector General may receive and investigate
complaints and allegations from various sources concerning the possible
existence of activities constituting non-criminal violations of law,
rules or regulations; mismanagement; gross waste of funds; abuses of
authority or substantial and specific danger to the public health and
safety. This system of records also exists to support inquiries by the
Assistant Inspectors General for Auditing, for Management and
Administration, for Administrative Investigations, and for Healthcare
Inspections into non-criminal matters. Based upon the foregoing, the
Secretary of Veterans Affairs has exempted this system of records, to
the extent that it encompasses information pertaining to criminal law-
related activities, from the following provisions of the Privacy Act of
1974, as permitted by 5 U.S.C. 552a(j)(2): 5 U.S.C. 552a(c) (3) and
(4); 5 U.S.C. 552a(d); 5 U.S.C. 552a(e) (1), (2) and (3); 5 U.S.C.
552a(e)(4) (G), and (H) and (I); 5 U.S.C. 552a(e) (5) and (8); 5 U.S.C.
552a(f); 5 U.S.C. 552a(g).
The Secretary of Veterans Affairs has also exempted this system of
records to the extent that it does not encompass information pertaining
to criminal law related activities under 5 U.S.C. 552a(j)(2) from the
following provisions of the Privacy Act of 1974, as permitted by 5
U.S.C. 552a(k)(2): 5 U.S.C. 552a(c)(3); 5 U.S.C. 552a(d); 5 U.S.C.
552a(e)(1); 5 U.S.C. 552a(e)(4) (G), (H) and (I); 5 U.S.C. 552a(f).
REASONS FOR EXEMPTIONS:
The exemption of information and material in this system of records
is necessary in order to accomplish the law enforcement functions of
the Office of Inspector General, e.g., to prevent subjects of
investigations from frustrating the investigatory process by
discovering the scope and progress of an investigation, to prevent the
disclosure of investigative techniques, to fulfill commitments made to
protect the confidentiality of sources, to maintain access to sources
of information and to avoid endangering these sources and law
enforcement personnel.
HISTORY:
[See the last full Federal Register notice, 73 FR 46708, Aug. 11,
2008].
[FR Doc. 2019-07647 Filed 4-16-19; 8:45 am]
BILLING CODE 8320-01-P